NATO consolidates cyber security

At the Cyber Security Convention 2014, Ian west, Chief Cyber Security at NATOA, explained how a new cyber security team protects all NATO sites from Afghanistan to Iceland. A key role is here is fulfilled by N-CIRC (NATO Computer Incident Response Capability), established in Mons, in the province of Hainaut.

Since March this year, NATO has had a separate organization for cyber security. “We have created a service to cover all our cyber security activities”, says Ian West, Chief Cyber Security at NATO. West’s team includes two hundred staff, working in Mons, Brussels and The Hague. “In addition to that, we have cyber security activities in 34 other places”, he says. The team protects 54 locations between Afghanistan and Iceland, including the air base in Kleine-Brogel. Their tasks include protecting upwards of a hundred thousand user accounts.

“In addition to viruses and malware, we see a great many targeted attacks”, Ian West says. “Some of these come from organized crime. Hackers in search of sensitive information that they hope to be able to sell afterwards.” Other attacks are related to espionage. NATO has to repel a so-called state-sponsored attack on average up to fifty times a month. Plus the organization appears to be a popular target for hacktivists. From N-CIRC (NATO Computer Incident Response Capability) in Mons, Ian West’s team coordinates system engineering and system hardening actions, among other things, as well as incident detection and vulnerability management. “We are working on a consolidated approach to cyber security”, he says. “NATO not only has to monitor what is happening on land, at sea and in the air, but also in cyberspace.” NATO has earmarked a budget of EUR 58 million for its cyber defense.

Cooperation with industry“Setting up N-CIRC is not the final objective”, says Ian West. “We see cyber security as a journey. The threat evolves along with the technology. So there is always work to be done.” The NATO Communications & Information Agency – to which N-CIRC belongs – is cooperating with partners on a program to increase the resilience of the IT environment still further. “Among other things, we want to focus on prevention and proactive measures.” Cyber security was on the agenda at the NATO summit in Wales earlier this year, too. It emerged then, among other things, that NATO has plans to increase its cooperation with the IT industry via a NATO Industry Cyber Partnership. NATO is thus listening to the wise words of former Secretary General Anders Rasmussen: “In the connected world, we will succeed collectively or fail individually.”